From patchwork Fri Jul 5 12:06:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alejandro Colomar X-Patchwork-Id: 93422 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id A480B388463E for ; Fri, 5 Jul 2024 12:06:49 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by sourceware.org (Postfix) with ESMTPS id 5663D38845FA for ; Fri, 5 Jul 2024 12:06:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5663D38845FA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=kernel.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5663D38845FA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2604:1380:4641:c500::1 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1720181188; cv=none; b=bHiSyE0KGUOE1V7JfeEDYD/mh56vEIl2sFHa3tSxp3Lv10NMm1h4t1eEfPiRiFaHLFOC2b57deIO7XbrrrYXLBuEnCYK1aTDGWSYyVpfBx/nS8Upqeqg98JnO8G0NVUrVbZO8xB5npGOVM3+qVMRSea9W1EsyJewYp34Nyjuff0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1720181188; c=relaxed/simple; bh=CZxI1sLUd25WkB9rNSbrSXebAtQZcOWTxXJOZS/pCTg=; h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=UclonBiY0R7Zz1iYC8P9Wrxn4IjU02yON5rrhOIyPkfdIwhcxOqfqarPyUPscF0BDtlMTs5M7umbpJp1zq7rPquc3jUN22Tj0P05e/a0+b4It5JX5DJYNN9tADLIzKMGrhnn7yZHifM86JcS+HCOzVAmbo0nbZPoqknTZvJIOag= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id EF9DC629A9; Fri, 5 Jul 2024 12:06:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D2592C116B1; Fri, 5 Jul 2024 12:06:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1720181185; bh=CZxI1sLUd25WkB9rNSbrSXebAtQZcOWTxXJOZS/pCTg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=qU6Z5EIhkDZVBhaRbBOabAlstxkFegZ2KzhlRyiPgJT9V6f6GwovRHBitWRasn9vP OCkF9WwPEEOkxM4M6DXPensMwzWuFQweg2TeAW2+KT5ssWzTPw38K94D6+jYr3rfCZ Gr3SUuws5v5sAgt5/lDdXwk0eGfqsyfN7+5ySnHZeTLayNhOonCsbT6+DfRy4lQqc+ tB4tCMnKh+6X63xmiqnLrCnZVkdClmRmeUU6aCRPm7Qu/yz6k3HGAu4kubT2GE+R6R wCNJefimvEDO2ghCfFrjtK2ByduRKJPhGM4eOmdSRMD0zacuhPj0viRBkZCBwcIQ0A fZc+K7g9jEGeg== Date: Fri, 5 Jul 2024 14:06:23 +0200 From: Alejandro Colomar To: libc-alpha@sourceware.org Cc: Alejandro Colomar , Paul Eggert Subject: [PATCH v2] string/string.h: strsep(): Remove 'restrict' from delim Message-ID: <20240705120512.12046-2-alx@kernel.org> X-Mailer: git-send-email 2.45.2 References: <20240704221156.36228-2-alx@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20240704221156.36228-2-alx@kernel.org> X-Spam-Status: No, score=-10.3 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org *stringp and delim should be allowed to alias each other, as strcspn(3) does. There are no optimizations that would benefit of restricted pointers. One could say that calling strsep with aliasing pointers would be nonsense, and it might be true, but so is calling strcspn(3) with aliasing pointers, and we don't prohibit that. strsep(3) doesn't have any special reasons to impose more restrictions than strcspn(3). It seems it was added in a (churny) patch that adds the qualifier to several functions, so it was probably just an accident, or didn't get much attention. Reported-by: chux Link: Link: Fixes: a6ff34d7b0b5 ("Update.") Cc: Paul Eggert Signed-off-by: Alejandro Colomar --- Hi! v2 changes: - Only remove 'restrict' from delim. stringp must not alias. It's *stringp which should be allowed to alias delim. - Add a link to a similar problem in strtol(3) (that one is even worse, because while I don't expect anyone to call strsep(3) with aliasing pointers, I do expect --and have done myself-- programmers to call strtol(3) with aliasing pointers). I'll send a patch for strtol(3) (I thought I had, but it seems I had only reported the bug to GCC). - CC Paul. Cheers, Alex Range-diff against v1: 1: 36181df643 ! 1: 7535249f67 string/string.h: strsep(): Remove 'restrict' @@ Metadata Author: Alejandro Colomar ## Commit message ## - string/string.h: strsep(): Remove 'restrict' + string/string.h: strsep(): Remove 'restrict' from delim - This function doesn't need 'restrict' at all. It seems it was added in - a (churny) patch that adds the qualifier to several functions, so it was - probably just an accident. + *stringp and delim should be allowed to alias each other, as strcspn(3) + does. There are no optimizations that would benefit of restricted + pointers. + + One could say that calling strsep with aliasing pointers would be + nonsense, and it might be true, but so is calling strcspn(3) with + aliasing pointers, and we don't prohibit that. strsep(3) doesn't have + any special reasons to impose more restrictions than strcspn(3). + + It seems it was added in a (churny) patch that adds the qualifier to + several functions, so it was probably just an accident, or didn't get + much attention. Reported-by: chux Link: + Link: Fixes: a6ff34d7b0b5 ("Update.") + Cc: Paul Eggert Signed-off-by: Alejandro Colomar ## string/string.h ## @@ string/string.h: extern void explicit_bzero (void *__s, size_t __n) __THROW __no terminating it with a '\0', and update *STRINGP to point past it. */ -extern char *strsep (char **__restrict __stringp, - const char *__restrict __delim) -+extern char *strsep (char **__stringp, const char *__delim) ++extern char *strsep (char **__restrict __stringp, const char *__delim) __THROW __nonnull ((1, 2)); #endif string/string.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/string/string.h b/string/string.h index d2d5c5f1f9..256e2b181f 100644 --- a/string/string.h +++ b/string/string.h @@ -468,8 +468,7 @@ extern void explicit_bzero (void *__s, size_t __n) __THROW __nonnull ((1)) /* Return the next DELIM-delimited token from *STRINGP, terminating it with a '\0', and update *STRINGP to point past it. */ -extern char *strsep (char **__restrict __stringp, - const char *__restrict __delim) +extern char *strsep (char **__restrict __stringp, const char *__delim) __THROW __nonnull ((1, 2)); #endif